RedFox Bastion

Zero Trust access platform — SSH, RDP & Application Access without VPN.

RedFox Bastion is a Zero Trust access platform: browser-based SSH and RDP, plus ZTNA Application Access to proxy any internal web application (Grafana, Kibana, admin panels) without VPN. Authenticated via Entra ID (OIDC), RBAC, policy engine, WORM audit logs — self-hosted, deployed via Docker.

Free trial — 14 days View pricing

LinuxmacOSWindows (WSL2)Docker | GoRustReact 18TypeScriptPostgreSQLRedisxterm.js

ZTNA

Application Access

SSH

Browser terminal

OIDC

Entra ID native

100%

On-premise

Features

Everything you need

Comprehensive security auditing with built-in best practices.

📱

SSH in your browser

WebSocket-based SSH terminal powered by xterm.js. No client software, no VPN — just a browser and Entra ID credentials.

🌐

Application Access (ZTNA)

Secure reverse proxy for internal web applications — Grafana, Kibana, admin panels, APIs. Identity-aware routing with policy enforcement, no VPN required. Enterprise feature.

🛡️

Zero Trust Policy Engine

Per-application access policies evaluated in real-time: RBAC, Entra ID groups, IP allowlists, time windows, MFA requirements. Default-deny, first-match-wins. Enterprise feature.

🌐

RDP via browser

Browser-based Remote Desktop access via custom Rust proxy (IronRDP). Connect to Windows servers without local RDP client.

🔒

Entra ID authentication (OIDC)

Native OpenID Connect with Microsoft Entra ID. No local passwords, no shared keys — identity verified by your IdP on every connection.

🛡️

RBAC & JIT access

Role-based access control (admin/operator/viewer). Just-in-time elevation with automatic expiration (Enterprise).

📄

WORM audit logs

Immutable, append-only audit trail for every session and application access. Who connected, when, to which target — tamper-proof by design.

🐛

Session recording

Full terminal session replay for SSH. Searchable, exportable, integrated with the audit log.

🔒

Credential vault (Enterprise)

Encrypted storage for SSH keys and service account credentials. Users never see the actual secrets — RedFox injects them at connection time.

🌐

Database proxy (Enterprise)

Proxied access to PostgreSQL, MySQL, MSSQL. Query logging, role-based access, no direct database exposure to end users.

🛡️

Signed installer

Docker images signed with Cosign + GPG. Verify image integrity before deployment. Air-gap friendly with offline image bundles.

⚙️

HA cluster (Enterprise)

Active-active clustering with shared state. Zero-downtime upgrades, automatic failover, horizontal scaling for large teams.

Installation

Installer RedFox Bastion

A single command. Docker support included.

RedFox Bastion

$ curl -fsSL https://install.coderaft.io | bash

Docker only One-command install 100% on-premise

Ready to secure your environment?

Free trial of RedFox Bastion for 14 days. No credit card required.

Free trial — 14 days Contact us